host certification is about to expire
I get this message from ovirt: Message:Host <hostname> certification is about to expire at 2021-05-12. Please renew the host's certification. I tried putting host in maintenance mode and running "enroll certificate". Didn't help. How do I renew the certificate? I'm running* 4.3.9.4-1.el7* *Thanks.* -- This email, its contents and attachments contain information from J2 Global, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution or use of the contents of this message is prohibited. If you have received this email in error, please notify the sender by reply email and delete the original message and any copies.
On Mon, Apr 19, 2021 at 8:15 PM Bill James <bill.james@j2.com> wrote:
I get this message from ovirt: Message:Host <hostname> certification is about to expire at 2021-05-12. Please renew the host's certification.
I tried putting host in maintenance mode and running "enroll certificate". Didn't help.
Please check/share relevant logs (on the engine machine) - /var/log/ovirt-engine/engine.log and /var/log/ovirt-engine/host-deploy/* . Thanks.
How do I renew the certificate?
'Enroll Certificate' should have worked. In principle you can also try 'Reinstall', which is not that much more drastic than 'Enroll Certificate' on a working host, but does do a bit more.
I'm running 4.3.9.4-1.el7
Please note that this is EOL. Also, the host-deploy code (including all of above) was rewritten in ansible in 4.4 (not implying the old code was/is broken, though). Best regards, -- Didi
Thank you for reply. Notice Enroll cert was done 4/15, but still getting notices. engine.log: 2021-04-19 20:05:59,922-07 WARN [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (EE-ManagedThreadFactory-engineScheduled-Thread-58) [] EVENT_ID: HOST_CERTIFICATION_IS_ABOUT_TO_EXPIRE(845), Host ovirt1.j2noc.com certification is about to expire at 2021-05-12. Please renew the host's certification. .. 2021-04-15 20:25:47,964-07 INFO [org.ovirt.engine.core.bll.hostdeploy.Host EnrollCertificateCommand] (default task-3) [6b9b252b-e78a-4f46-983c-58b4162c2818] Running command: HostEnrollCertificateCommand internal: false. Entities affected : ID: 23d2c0ab-5dd1-43af-9db3-2a426a539faf Type: VDSAction group EDIT_HOST_CONFIGURATION with role type ADMIN 2021-04-15 20:25:48,004-07 INFO [org.ovirt.engine.core.bll.hostdeploy.Host EnrollCertificateInternalCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] Running command: HostEnrollCertificateInternalCommand internal: true. Entities affected : ID: 23d2c0ab-5dd1-43af-9db3-2a426a539faf Type: VDS 2021-04-15 20:25:48,012-07 INFO [org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] START, SetVdsStatusVDSCommand(HostName = ovirt1.j2noc.com, SetVdsStatusVDSCommandParameters:{hostId='23d2c0ab-5dd1-43af-9db3-2a426a539faf', status='Installing', nonOperationalReason='NONE', stopSpmFailureLogged='false', maintenanceReason='null'}), log id: 2c9a2bff 2021-04-15 20:25:48,021-07 INFO [org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] FINISH, SetVdsStatusVDSCommand, return: , log id: 2c9a2bff 2021-04-15 20:25:48,037-07 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-3) [6b9b252b-e78a-4f46-983c-58b4162c2818] EVENT_ID: HOST_CERTIFICATION_ENROLLMENT_STARTED(880), Enrolling certificate for host ovirt1.j2noc.com was started (User: Bill.James@j2global.com @j2global.com-authz). 2021-04-15 20:25:48,058-07 INFO [org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] START, SetVdsStatusVDSCommand(HostName = ovirt1.j2noc.com, SetVdsStatusVDSCommandParameters:{hostId='23d2c0ab-5dd1-43af-9db3-2a426a539faf', status='Maintenance', nonOperationalReason='NONE', stopSpmFailureLogged='false', maintenanceReason='null'}), log id: e46428c 2021-04-15 20:25:48,062-07 INFO [org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] FINISH, SetVdsStatusVDSCommand, return: , log id: e46428c 2021-04-15 20:25:48,069-07 INFO [org.ovirt.engine.core.common.utils.ansible.AnsibleExecutor] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] Executing Ansible command: /usr/bin/ansible-playbook --ssh-common-args=-F /var/lib/ovirt-engine/.ssh/config -v --private-key=/etc/pki/ovirt-engine/keys/engine_id_rsa --inventory=/tmp/ansible-inventory8413305606879978005 --extra-vars=ovirt_organizationname="j2noc.com" --extra-vars=ovirt_ca_cert="-----BEGIN CERTIFICATE----- MIIDrjCCApagAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwQTELMAkGA1UEBhMCVVMxEjAQBgNVBAoT CWoybm9jLmNvbTEeMBwGA1UEAxMVb3ZpcnQuajJub2MuY29tLjE4NjU1MB4XDTE2MDUxMjE0NDUz MloXDTI2MDUxMTE0NDUzMlowQTELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCWoybm9jLmNvbTEeMBwG A1UEAxMVb3ZpcnQuajJub2MuY29tLjE4NjU1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAvGatrRaRs2lnC/uT2caEij9cAzrYeJvnskCUY/iJoVGZuERDmU0QanvEUIIKlcjAqJsAb3Z4 4h63RoXNshnvFUP7L0DR2YvfrKWnDV3AlA/rEQ8jwLedGGsvM/AxzTMaSlnlcJYSlJXeQKHEhc84 OTF8k+KalJditE9XWS/Z+OV9T3RcnE5QpBNJDKgg0W42WU4Y2K8r+Jwpso0Ea7YZuMck8GORnQOD vlQbGvj/6pOBcMyAIeVa0puTFIsGuje0dM7VUYl/DP/2T8kwJJtDM7cgaV94KSUTJbjdBLshWSPI Jj5LK1s7k3FGqGlPdjiXsbccZ8wUs439HwjMm7C6SQIDAQABo4GvMIGsMB0GA1UdDgQWBBRVi07z FIlc0PPtHF2JNIljlPnhXzBqBgNVHSMEYzBhgBRVi07zFIlc0PPtHF2JNIljlPnhX6FFpEMwQTEL MAkGA1UEBhMCVVMxEjAQBgNVBAoTCWoybm9jLmNvbTEeMBwGA1UEAxMVb3ZpcnQuajJub2MuY29t LjE4NjU1ggIQADAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUF AAOCAQEAna9CJ3lO1OMMGrINg9L+0DrILXFB7BYdf+x+dbyFkok+GkXWnG9SUuXIRqu5myJUJxPB cUOdxUvtgqp1ZHQ4noCACk7qcBDUEvkCsPiVqH0ogGuVkHzq8fl+L8VIZDH4cHYt4orhXiziPz8Y +LQFzP+vgB91pW2fejd2vXOrHEldQmu+IOpy28m4KeP5f1cay8+GcwESBcwnnOssotT14oPmIs2Z IIqdUyTEF0ILgBlEBOZBs27QhkqEI7ugyQfYosglS2PNTteOPmplapJ85fay+jElgXAIFD3gXSqd PDGq+9R0ELaIbpx4VloTUgejgKgO4xcx24O6H5F+GDurQg== -----END CERTIFICATE----- " --extra-vars=ovirt_san="IP:10.144.110.99" --extra-vars=ovirt_engine_usr="/usr/share/ovirt-engine" --extra-vars=ovirt_vds_hostname="10.144.110.99" --extra-vars=ovirt_pki_dir="/etc/pki/ovirt-engine" --extra-vars=ovirt_signcerttimeoutinseconds="30" --extra-vars=ovirt_ca_key="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8Zq2tFpGzaWcL+5PZxoSKP1wDOth4m+eyQJRj+ImhUZm4REOZTRBqe8RQggqVyMComwBvdnjiHrdGhc2yGe8VQ/svQNHZi9+spacNXcCUD+sRDyPAt50Yay8z8DHNMxpKWeVwlhKUld5AocSFzzg5MXyT4pqUl2K0T1dZL9n45X1PdFycTlCkE0kMqCDRbjZZThjYryv4nCmyjQRrthm4xyTwY5GdA4O+VBsa+P/qk4FwzIAh5VrSm5MUiwa6N7R0ztVRiX8M//ZPyTAkm0MztyBpX3gpJRMluN0EuyFZI8gmPksrWzuTcUaoaU92OJextxxnzBSzjf0fCMybsLpJ" --extra-vars=ovirt_vdscertificatevalidityinyears="5" /usr/share/ovirt-engine/playbooks/ovirt-host-enroll-certificate.yml [Logfile: /var/log/ovirt-engine/host-deploy/ovirt-enroll-certs-ansible-20210415202548-10.144.110.99-6b9b252b-e78a-4f46-983c-58b4162c2818.log] ovirt-enroll-certs-ansible-20210415202548-10.144.110.99-6b9b252b-e78a-4f46-983c-58b4162c2818.log attached. On Mon, Apr 19, 2021 at 10:37 PM Yedidyah Bar David <didi@redhat.com> wrote:
On Mon, Apr 19, 2021 at 8:15 PM Bill James <bill.james@j2.com> wrote:
I get this message from ovirt: Message:Host <hostname> certification is about to expire at 2021-05-12.
Please renew the host's certification.
I tried putting host in maintenance mode and running "enroll
certificate". Didn't help.
Please check/share relevant logs (on the engine machine) - /var/log/ovirt-engine/engine.log and /var/log/ovirt-engine/host-deploy/* . Thanks.
How do I renew the certificate?
'Enroll Certificate' should have worked. In principle you can also try 'Reinstall', which is not that much more drastic than 'Enroll Certificate' on a working host, but does do a bit more.
I'm running 4.3.9.4-1.el7
Please note that this is EOL. Also, the host-deploy code (including all of above) was rewritten in ansible in 4.4 (not implying the old code was/is broken, though).
Best regards, -- Didi
-- This email, its contents and attachments contain information from J2 Global, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution or use of the contents of this message is prohibited. If you have received this email in error, please notify the sender by reply email and delete the original message and any copies.
On Tue, Apr 20, 2021 at 9:07 PM Bill James <bill.james@j2.com> wrote:
Thank you for reply. Notice Enroll cert was done 4/15, but still getting notices.
engine.log:
2021-04-19 20:05:59,922-07 WARN [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (EE-ManagedThreadFactory-engineScheduled-Thread-58) [] EVENT_ID: HOST_CERTIFICATION_IS_ABOUT_TO_EXPIRE(845), Host ovirt1.j2noc.com certification is about to expire at 2021-05-12. Please renew the host's certification.
..
2021-04-15 20:25:47,964-07 INFO [org.ovirt.engine.core.bll.hostdeploy.HostEnrollCertificateCommand] (default task-3) [6b9b252b-e78a-4f46-983c-58b4162c2818] Running command: HostEnrollCertificateCommand internal: false. Entities affected : ID: 23d2c0ab-5dd1-43af-9db3-2a426a539faf Type: VDSAction group EDIT_HOST_CONFIGURATION with role type ADMIN
2021-04-15 20:25:48,004-07 INFO [org.ovirt.engine.core.bll.hostdeploy.HostEnrollCertificateInternalCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] Running command: HostEnrollCertificateInternalCommand internal: true. Entities affected : ID: 23d2c0ab-5dd1-43af-9db3-2a426a539faf Type: VDS
2021-04-15 20:25:48,012-07 INFO [org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] START, SetVdsStatusVDSCommand(HostName = ovirt1.j2noc.com, SetVdsStatusVDSCommandParameters:{hostId='23d2c0ab-5dd1-43af-9db3-2a426a539faf', status='Installing', nonOperationalReason='NONE', stopSpmFailureLogged='false', maintenanceReason='null'}), log id: 2c9a2bff
2021-04-15 20:25:48,021-07 INFO [org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] FINISH, SetVdsStatusVDSCommand, return: , log id: 2c9a2bff
2021-04-15 20:25:48,037-07 INFO [org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-3) [6b9b252b-e78a-4f46-983c-58b4162c2818] EVENT_ID: HOST_CERTIFICATION_ENROLLMENT_STARTED(880), Enrolling certificate for host ovirt1.j2noc.com was started (User: Bill.James@j2global.com@j2global.com-authz).
2021-04-15 20:25:48,058-07 INFO [org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] START, SetVdsStatusVDSCommand(HostName = ovirt1.j2noc.com, SetVdsStatusVDSCommandParameters:{hostId='23d2c0ab-5dd1-43af-9db3-2a426a539faf', status='Maintenance', nonOperationalReason='NONE', stopSpmFailureLogged='false', maintenanceReason='null'}), log id: e46428c
2021-04-15 20:25:48,062-07 INFO [org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] FINISH,
SetVdsStatusVDSCommand, return: , log id: e46428c
2021-04-15 20:25:48,069-07 INFO [org.ovirt.engine.core.common.utils.ansible.AnsibleExecutor] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] Executing Ansible command: /usr/bin/ansible-playbook --ssh-common-args=-F /var/lib/ovirt-engine/.ssh/config -v --private-key=/etc/pki/ovirt-engine/keys/engine_id_rsa --inventory=/tmp/ansible-inventory8413305606879978005 --extra-vars=ovirt_organizationname="j2noc.com" --extra-vars=ovirt_ca_cert="-----BEGIN CERTIFICATE-----
MIIDrjCCApagAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwQTELMAkGA1UEBhMCVVMxEjAQBgNVBAoT
CWoybm9jLmNvbTEeMBwGA1UEAxMVb3ZpcnQuajJub2MuY29tLjE4NjU1MB4XDTE2MDUxMjE0NDUz
MloXDTI2MDUxMTE0NDUzMlowQTELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCWoybm9jLmNvbTEeMBwG
A1UEAxMVb3ZpcnQuajJub2MuY29tLjE4NjU1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvGatrRaRs2lnC/uT2caEij9cAzrYeJvnskCUY/iJoVGZuERDmU0QanvEUIIKlcjAqJsAb3Z4
4h63RoXNshnvFUP7L0DR2YvfrKWnDV3AlA/rEQ8jwLedGGsvM/AxzTMaSlnlcJYSlJXeQKHEhc84
OTF8k+KalJditE9XWS/Z+OV9T3RcnE5QpBNJDKgg0W42WU4Y2K8r+Jwpso0Ea7YZuMck8GORnQOD
vlQbGvj/6pOBcMyAIeVa0puTFIsGuje0dM7VUYl/DP/2T8kwJJtDM7cgaV94KSUTJbjdBLshWSPI
Jj5LK1s7k3FGqGlPdjiXsbccZ8wUs439HwjMm7C6SQIDAQABo4GvMIGsMB0GA1UdDgQWBBRVi07z
FIlc0PPtHF2JNIljlPnhXzBqBgNVHSMEYzBhgBRVi07zFIlc0PPtHF2JNIljlPnhX6FFpEMwQTEL
MAkGA1UEBhMCVVMxEjAQBgNVBAoTCWoybm9jLmNvbTEeMBwGA1UEAxMVb3ZpcnQuajJub2MuY29t
LjE4NjU1ggIQADAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUF
AAOCAQEAna9CJ3lO1OMMGrINg9L+0DrILXFB7BYdf+x+dbyFkok+GkXWnG9SUuXIRqu5myJUJxPB
cUOdxUvtgqp1ZHQ4noCACk7qcBDUEvkCsPiVqH0ogGuVkHzq8fl+L8VIZDH4cHYt4orhXiziPz8Y
+LQFzP+vgB91pW2fejd2vXOrHEldQmu+IOpy28m4KeP5f1cay8+GcwESBcwnnOssotT14oPmIs2Z
IIqdUyTEF0ILgBlEBOZBs27QhkqEI7ugyQfYosglS2PNTteOPmplapJ85fay+jElgXAIFD3gXSqd
PDGq+9R0ELaIbpx4VloTUgejgKgO4xcx24O6H5F+GDurQg==
-----END CERTIFICATE-----
" --extra-vars=ovirt_san="IP:10.144.110.99" --extra-vars=ovirt_engine_usr="/usr/share/ovirt-engine" --extra-vars=ovirt_vds_hostname="10.144.110.99" --extra-vars=ovirt_pki_dir="/etc/pki/ovirt-engine" --extra-vars=ovirt_signcerttimeoutinseconds="30" --extra-vars=ovirt_ca_key="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8Zq2tFpGzaWcL+5PZxoSKP1wDOth4m+eyQJRj+ImhUZm4REOZTRBqe8RQggqVyMComwBvdnjiHrdGhc2yGe8VQ/svQNHZi9+spacNXcCUD+sRDyPAt50Yay8z8DHNMxpKWeVwlhKUld5AocSFzzg5MXyT4pqUl2K0T1dZL9n45X1PdFycTlCkE0kMqCDRbjZZThjYryv4nCmyjQRrthm4xyTwY5GdA4O+VBsa+P/qk4FwzIAh5VrSm5MUiwa6N7R0ztVRiX8M//ZPyTAkm0MztyBpX3gpJRMluN0EuyFZI8gmPksrWzuTcUaoaU92OJextxxnzBSzjf0fCMybsLpJ" --extra-vars=ovirt_vdscertificatevalidityinyears="5" /usr/share/ovirt-engine/playbooks/ovirt-host-enroll-certificate.yml [Logfile: /var/log/ovirt-engine/host-deploy/ovirt-enroll-certs-ansible-20210415202548-10.144.110.99-6b9b252b-e78a-4f46-983c-58b4162c2818.log]
ovirt-enroll-certs-ansible-20210415202548-10.144.110.99-6b9b252b-e78a-4f46-983c-58b4162c2818.log attached.
On Mon, Apr 19, 2021 at 10:37 PM Yedidyah Bar David <didi@redhat.com> wrote:
On Mon, Apr 19, 2021 at 8:15 PM Bill James <bill.james@j2.com> wrote:
I get this message from ovirt: Message:Host <hostname> certification is about to expire at 2021-05-12. Please renew the host's certification.
I tried putting host in maintenance mode and running "enroll certificate". Didn't help.
Please check/share relevant logs (on the engine machine) - /var/log/ovirt-engine/engine.log and /var/log/ovirt-engine/host-deploy/* . Thanks.
How do I renew the certificate?
'Enroll Certificate' should have worked. In principle you can also try 'Reinstall', which is not that much more drastic than 'Enroll Certificate' on a working host, but does do a bit more.
I think "Enroll Certificate" does not restart vdsm, but vdsm probably only reads the new cert on startup. So perhaps try to put the host to maintenance and 'systemctl restart vdsmd' (or just reboot). Best regards, -- Didi
restarting vdsmd did the trick, thank you! On Tue, Apr 20, 2021 at 11:58 PM Yedidyah Bar David <didi@redhat.com> wrote:
On Tue, Apr 20, 2021 at 9:07 PM Bill James <bill.james@j2.com> wrote:
Thank you for reply. Notice Enroll cert was done 4/15, but still getting notices.
engine.log:
2021-04-19 20:05:59,922-07 WARN
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (EE-ManagedThreadFactory-engineScheduled-Thread-58) [] EVENT_ID: HOST_CERTIFICATION_IS_ABOUT_TO_EXPIRE(845), Host ovirt1.j2noc.com certification is about to expire at 2021-05-12. Please renew the host's certification.
..
2021-04-15 20:25:47,964-07 INFO
[org.ovirt.engine.core.bll.hostdeploy.HostEnrollCertificateCommand] (default task-3) [6b9b252b-e78a-4f46-983c-58b4162c2818] Running command: HostEnrollCertificateCommand internal: false. Entities affected : ID: 23d2c0ab-5dd1-43af-9db3-2a426a539faf Type: VDSAction group EDIT_HOST_CONFIGURATION with role type ADMIN
2021-04-15 20:25:48,004-07 INFO
[org.ovirt.engine.core.bll.hostdeploy.HostEnrollCertificateInternalCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] Running command: HostEnrollCertificateInternalCommand internal: true. Entities affected : ID: 23d2c0ab-5dd1-43af-9db3-2a426a539faf Type: VDS
2021-04-15 20:25:48,012-07 INFO
[org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] START, SetVdsStatusVDSCommand(HostName = ovirt1.j2noc.com, SetVdsStatusVDSCommandParameters:{hostId='23d2c0ab-5dd1-43af-9db3-2a426a539faf', status='Installing', nonOperationalReason='NONE', stopSpmFailureLogged='false', maintenanceReason='null'}), log id: 2c9a2bff
2021-04-15 20:25:48,021-07 INFO
[org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] FINISH, SetVdsStatusVDSCommand, return: , log id: 2c9a2bff
2021-04-15 20:25:48,037-07 INFO
[org.ovirt.engine.core.dal.dbbroker.auditloghandling.AuditLogDirector] (default task-3) [6b9b252b-e78a-4f46-983c-58b4162c2818] EVENT_ID: HOST_CERTIFICATION_ENROLLMENT_STARTED(880), Enrolling certificate for host ovirt1.j2noc.com was started (User: Bill.James@j2global.com @j2global.com-authz).
2021-04-15 20:25:48,058-07 INFO
[org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] START, SetVdsStatusVDSCommand(HostName = ovirt1.j2noc.com, SetVdsStatusVDSCommandParameters:{hostId='23d2c0ab-5dd1-43af-9db3-2a426a539faf', status='Maintenance', nonOperationalReason='NONE', stopSpmFailureLogged='false', maintenanceReason='null'}), log id: e46428c
2021-04-15 20:25:48,062-07 INFO
[org.ovirt.engine.core.vdsbroker.SetVdsStatusVDSCommand] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] FINISH,
SetVdsStatusVDSCommand, return: , log id: e46428c
2021-04-15 20:25:48,069-07 INFO
[org.ovirt.engine.core.common.utils.ansible.AnsibleExecutor] (EE-ManagedThreadFactory-commandCoordinator-Thread-1) [6b9b252b-e78a-4f46-983c-58b4162c2818] Executing Ansible command: /usr/bin/ansible-playbook --ssh-common-args=-F /var/lib/ovirt-engine/.ssh/config -v --private-key=/etc/pki/ovirt-engine/keys/engine_id_rsa --inventory=/tmp/ansible-inventory8413305606879978005 --extra-vars=ovirt_organizationname="j2noc.com" --extra-vars=ovirt_ca_cert="-----BEGIN CERTIFICATE-----
MIIDrjCCApagAwIBAgICEAAwDQYJKoZIhvcNAQEFBQAwQTELMAkGA1UEBhMCVVMxEjAQBgNVBAoT
CWoybm9jLmNvbTEeMBwGA1UEAxMVb3ZpcnQuajJub2MuY29tLjE4NjU1MB4XDTE2MDUxMjE0NDUz
MloXDTI2MDUxMTE0NDUzMlowQTELMAkGA1UEBhMCVVMxEjAQBgNVBAoTCWoybm9jLmNvbTEeMBwG
A1UEAxMVb3ZpcnQuajJub2MuY29tLjE4NjU1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvGatrRaRs2lnC/uT2caEij9cAzrYeJvnskCUY/iJoVGZuERDmU0QanvEUIIKlcjAqJsAb3Z4
4h63RoXNshnvFUP7L0DR2YvfrKWnDV3AlA/rEQ8jwLedGGsvM/AxzTMaSlnlcJYSlJXeQKHEhc84
OTF8k+KalJditE9XWS/Z+OV9T3RcnE5QpBNJDKgg0W42WU4Y2K8r+Jwpso0Ea7YZuMck8GORnQOD
vlQbGvj/6pOBcMyAIeVa0puTFIsGuje0dM7VUYl/DP/2T8kwJJtDM7cgaV94KSUTJbjdBLshWSPI
Jj5LK1s7k3FGqGlPdjiXsbccZ8wUs439HwjMm7C6SQIDAQABo4GvMIGsMB0GA1UdDgQWBBRVi07z
FIlc0PPtHF2JNIljlPnhXzBqBgNVHSMEYzBhgBRVi07zFIlc0PPtHF2JNIljlPnhX6FFpEMwQTEL
MAkGA1UEBhMCVVMxEjAQBgNVBAoTCWoybm9jLmNvbTEeMBwGA1UEAxMVb3ZpcnQuajJub2MuY29t
LjE4NjU1ggIQADAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUF
AAOCAQEAna9CJ3lO1OMMGrINg9L+0DrILXFB7BYdf+x+dbyFkok+GkXWnG9SUuXIRqu5myJUJxPB
cUOdxUvtgqp1ZHQ4noCACk7qcBDUEvkCsPiVqH0ogGuVkHzq8fl+L8VIZDH4cHYt4orhXiziPz8Y
+LQFzP+vgB91pW2fejd2vXOrHEldQmu+IOpy28m4KeP5f1cay8+GcwESBcwnnOssotT14oPmIs2Z
IIqdUyTEF0ILgBlEBOZBs27QhkqEI7ugyQfYosglS2PNTteOPmplapJ85fay+jElgXAIFD3gXSqd
PDGq+9R0ELaIbpx4VloTUgejgKgO4xcx24O6H5F+GDurQg==
-----END CERTIFICATE-----
" --extra-vars=ovirt_san="IP:10.144.110.99"
--extra-vars=ovirt_engine_usr="/usr/share/ovirt-engine" --extra-vars=ovirt_vds_hostname="10.144.110.99" --extra-vars=ovirt_pki_dir="/etc/pki/ovirt-engine" --extra-vars=ovirt_signcerttimeoutinseconds="30" --extra-vars=ovirt_ca_key="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8Zq2tFpGzaWcL+5PZxoSKP1wDOth4m+eyQJRj+ImhUZm4REOZTRBqe8RQggqVyMComwBvdnjiHrdGhc2yGe8VQ/svQNHZi9+spacNXcCUD+sRDyPAt50Yay8z8DHNMxpKWeVwlhKUld5AocSFzzg5MXyT4pqUl2K0T1dZL9n45X1PdFycTlCkE0kMqCDRbjZZThjYryv4nCmyjQRrthm4xyTwY5GdA4O+VBsa+P/qk4FwzIAh5VrSm5MUiwa6N7R0ztVRiX8M//ZPyTAkm0MztyBpX3gpJRMluN0EuyFZI8gmPksrWzuTcUaoaU92OJextxxnzBSzjf0fCMybsLpJ" --extra-vars=ovirt_vdscertificatevalidityinyears="5" /usr/share/ovirt-engine/playbooks/ovirt-host-enroll-certificate.yml [Logfile: /var/log/ovirt-engine/host-deploy/ovirt-enroll-certs-ansible-20210415202548-10.144.110.99-6b9b252b-e78a-4f46-983c-58b4162c2818.log]
ovirt-enroll-certs-ansible-20210415202548-10.144.110.99-6b9b252b-e78a-4f46-983c-58b4162c2818.log attached.
On Mon, Apr 19, 2021 at 10:37 PM Yedidyah Bar David <didi@redhat.com>
wrote:
On Mon, Apr 19, 2021 at 8:15 PM Bill James <bill.james@j2.com> wrote:
I get this message from ovirt: Message:Host <hostname> certification is about to expire at
2021-05-12. Please renew the host's certification.
I tried putting host in maintenance mode and running "enroll
certificate". Didn't help.
Please check/share relevant logs (on the engine machine) - /var/log/ovirt-engine/engine.log and /var/log/ovirt-engine/host-deploy/* . Thanks.
How do I renew the certificate?
'Enroll Certificate' should have worked. In principle you can also try 'Reinstall', which is not that much more drastic than 'Enroll Certificate' on a working host, but does do a bit more.
I think "Enroll Certificate" does not restart vdsm, but vdsm probably only reads the new cert on startup. So perhaps try to put the host to maintenance and 'systemctl restart vdsmd' (or just reboot).
Best regards, -- Didi
-- This email, its contents and attachments contain information from J2 Global, Inc. and/or its affiliates which may be privileged, confidential or otherwise protected from disclosure. The information is intended to be for the addressee(s) only. If you are not an addressee, any disclosure, copy, distribution or use of the contents of this message is prohibited. If you have received this email in error, please notify the sender by reply email and delete the original message and any copies.
participants (2)
-
Bill James -
Yedidyah Bar David